scholarly journals Cryptanalysis of Reduced round SKINNY Block Cipher

2018 ◽  
pp. 124-162 ◽  
Author(s):  
Sadegh Sadeghi ◽  
Tahereh Mohammadi ◽  
Nasour Bagheri
Keyword(s):  
Mixed Integer Linear Programming ◽  
Block Cipher ◽  
Mixed Integer ◽  
Differential Attack ◽  
Key Recovery ◽  
Zero Correlation ◽  
Impossible Differential ◽  
Key Recovery Attack ◽  
Correlation Attacks ◽  
Impossible Differential Cryptanalysis

SKINNY is a family of lightweight tweakable block ciphers designed to have the smallest hardware footprint. In this paper, we present zero-correlation linear approximations and the related-tweakey impossible differential characteristics for different versions of SKINNY .We utilize Mixed Integer Linear Programming (MILP) to search all zero-correlation linear distinguishers for all variants of SKINNY, where the longest distinguisher found reaches 10 rounds. Using a 9-round characteristic, we present 14 and 18-round zero correlation attacks on SKINNY-64-64 and SKINNY- 64-128, respectively. Also, for SKINNY-n-n and SKINNY-n-2n, we construct 13 and 15-round related-tweakey impossible differential characteristics, respectively. Utilizing these characteristics, we propose 23-round related-tweakey impossible differential cryptanalysis by applying the key recovery attack for SKINNY-n-2n and 19-round attack for SKINNY-n-n. To the best of our knowledge, the presented zero-correlation characteristics in this paper are the first attempt to investigate the security of SKINNY against this attack and the results on the related-tweakey impossible differential attack are the best reported ones.

scholarly journals Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Zhaohui Xing ◽  
Wenying Zhang ◽  
Guoyong Han
Keyword(s):  
Mixed Integer Linear Programming ◽  
Time Complexity ◽  
Block Cipher ◽  
Mixed Integer ◽  
Differential Analysis ◽  
Nonlinear Feedback ◽  
Key Recovery ◽  
Nonlinear Feedback Shift Register ◽  
Feedback Shift Register ◽  
Key Recovery Attacks

In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 2 31 encryptions of 98-round KATAN32 and less than 2 33 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally.

scholarly journals Subspace Trail Cryptanalysis and its Applications to AES

2017 ◽  
pp. 192-225
Author(s):  
Lorenzo Grassi ◽  
Christian Rechberger ◽  
Sondre Rønjom
Keyword(s):  
Block Cipher ◽  
Data Complexity ◽  
Secret Key ◽  
Differential Attack ◽  
Key Recovery ◽  
Special Cases ◽  
Impossible Differential ◽  
The One ◽  
Truncated Differential ◽  
Key Recovery Attacks

We introduce subspace trail cryptanalysis, a generalization of invariant subspace cryptanalysis. With this more generic treatment of subspaces we do no longer rely on specific choices of round constants or subkeys, and the resulting method is as such a potentially more powerful attack vector. Interestingly, subspace trail cryptanalysis in fact includes techniques based on impossible or truncated differentials and integrals as special cases. Choosing AES-128 as the perhaps most studied cipher, we describe distinguishers up to 5-round AES with a single unknown key. We report (and practically verify) competitive key-recovery attacks with very low data-complexity on 2, 3 and 4 rounds of AES. Additionally, we consider AES with a secret S-Box and we present a (generic) technique that allows to directly recover the secret key without finding any information about the secret S-Box. This approach allows to use e.g. truncated differential, impossible differential and integral attacks to find the secret key. Moreover, this technique works also for other AES-like constructions, if some very common conditions on the S-Box and on the MixColumns matrix (or its inverse) hold. As a consequence, such attacks allow to better highlight the security impact of linear mappings inside an AES-like block cipher. Finally, we show that our impossible differential attack on 5 rounds of AES with secret S-Box can be turned into a distinguisher for AES in the same setting as the one recently proposed by Sun, Liu, Guo, Qu and Rijmen at CRYPTO 2016

scholarly journals NEW KEY EXPANSION FUNCTION OF RIJNDAEL 128-BIT RESISTANCE TO THE RELATED-KEY ATTACKS

2018 ◽  
Author(s):  
Hassan Mansur Hussien ◽  
Zaiton Muda ◽  
Sharifah Md Yasin
Keyword(s):  
Mixed Integer Linear Programming ◽  
Block Cipher ◽  
Statistical Tests ◽  
Mixed Integer ◽  
Differential Attack ◽  
Key Schedule ◽  
Strict Avalanche Criterion ◽  
Boomerang Attack ◽  
Common Block ◽  
Provably Secure

A master key of special length is manipulated based on the key schedule to create round sub-keys in most block ciphers. A strong key schedule is described as a cipher that will be more resistant to various forms of attacks, especially in related-key model attacks. Rijndael is the most common block cipher, and it was adopted by the National Institute of Standards and Technology, USA in 2001 as an Advance Encryption Standard. However, a few studies on cryptanalysis revealed that a security weakness of Rijndael refers to its vulnerability to related-key differential attack as well as the related-key boomerang attack, which is mainly caused by the lack of nonlinearity in the key schedule of Rijndael. In relation to this, constructing a key schedule that is both efficient and provably secure has been an ongoing open problem. Hence, this paper presents a method to improve the key schedule of Rijndael 128-bit for the purpose of making it more resistance to the related-key differential and boomerang attacks. In this study, two statistical tests, namely the Frequency test and the Strict Avalanche Criterion test were employed to respectively evaluate the properties of bit confusion and bit diffusion. The results showed that the proposed key expansion function has excellent statistical properties and agrees with the concept of Shannon’s diffusion and confusion bits. Meanwhile, the Mixed Integer Linear Programming based approach was adopted to evaluate the resistance of the proposed approach towards the related-key differential and boomerang attacks. The proposed approach was also found to be resistant against the two attacks discovered in the original Rijndael. Overall, these results proved that the proposed approach is able to perform better compared to the original Rijndael key expansion function and that of the previous research.  

scholarly journals Clustering Related-Tweak Characteristics: Application to MANTIS-6

2018 ◽  
pp. 111-132
Author(s):  
Maria Eichlseder ◽  
Daniel Kales
Keyword(s):  
Block Cipher ◽  
Differential Cryptanalysis ◽  
Differential Attack ◽  
Key Recovery ◽  
Popular Approach ◽  
Differential Characteristic ◽  
Clustering Approach ◽  
Tweakable Block Cipher ◽  
Key Recovery Attack ◽  
Truncated Differential

The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakable block cipher MANTIS5 and describe a tool for efficiently finding and evaluating such clusters. More specifically, we consider the set of all differential characteristics compatible with a given truncated characteristic, tweak difference, and optional constraints for the differential. We refer to this set as a semi-truncated characteristic and estimate its probability by analyzing the distribution of compatible differences at each step. We apply this approach to find a semi-truncated differential characteristic for MANTIS6 with probability about 2−67.73 and derive a key-recovery attack with a complexity of about 255.09 chosen-plaintext queries and 255.52 computations. The data-time product is 2110.61 << 2126.

scholarly journals Towards Key-recovery-attack Friendly Distinguishers: Application to GIFT-128

2021 ◽  
pp. 156-184
Author(s):  
Rui Zong ◽  
Xiaoyang Dong ◽  
Huaifeng Chen ◽  
Yiyuan Luo ◽  
Si Wang ◽  
...  
Keyword(s):  
Block Cipher ◽  
Recovery Process ◽  
Low Complexity ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Linear Hull ◽  
Differential Attack ◽  
Key Recovery ◽  
Key Recovery Attack

When analyzing a block cipher, the first step is to search for some valid distinguishers, for example, the differential trails in the differential cryptanalysis and the linear trails in the linear cryptanalysis. A distinguisher is advantageous if it can be utilized to attack more rounds and the amount of the involved key bits during the key-recovery process is small, as this leads to a long attack with a low complexity. In this article, we propose a two-step strategy to search for such advantageous distinguishers. This strategy is inspired by the intuition that if a differential is advantageous only when some properties are satisfied, then we can predefine some constraints describing these properties and search for the differentials in the small set.As applications, our strategy is used to analyze GIFT-128, which was proposed in CHES 2017. Based on some 20-round differentials, we give the first 27-round differential attack on GIFT-128, which covers one more round than the best previous result. Also, based on two 17-round linear trails, we give the first linear hull attack on GIFT-128, which covers 22 rounds. In addition, we also give some results on two GIFT-128 based AEADs GIFT-COFB and SUNDAE-GIFT.

scholarly journals Improved Impossible Differentials and Zero-Correlation Linear Hulls of New Structure III

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Jun He ◽  
Xuan Shen ◽  
Guoqiang Liu
Keyword(s):  
Block Cipher ◽  
Characteristic Matrix ◽  
Linear Cryptanalysis ◽  
The Core ◽  
Round Function ◽  
Linear Layer ◽  
Zero Correlation ◽  
Impossible Differential ◽  
Impossible Differentials ◽  
Impossible Differential Cryptanalysis

Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two kinds of most effective tools for evaluating the security of block ciphers. In those attacks, the core step is to construct a distinguisher as long as possible. In this paper, we focus on the security of New Structure III, which is a kind of block cipher structure with excellent resistance against differential and linear attacks. While the best previous result can only exploit one-round linear layer P to construct impossible differential and zero-correlation linear distinguishers, we try to exploit more rounds to find longer distinguishers. Combining the Miss-in-the-Middle strategy and the characteristic matrix method proposed at EUROCRYPT 2016, we could construct 23-round impossible differentials and zero-correlation linear hulls when the linear layer P satisfies some restricted conditions. To our knowledge, both of them are 1 round longer than the best previous works concerning the two cryptanalytical methods. Furthermore, to show the effectiveness of our distinguishers, the linear layer of the round function is specified to the permutation matrix of block cipher SKINNY which was proposed at CRYPTO 2016. Our results indicate that New Structure III has weaker resistance against impossible differential and zero-correlation linear attacks, though it possesses good differential and linear properties.

scholarly journals Different Types of Attacks on Block Ciphers

2020 ◽  
Vol 9 (3) ◽  
pp. 28-31
Keyword(s):  
Block Cipher ◽  
Classical Method ◽  
System Of Nonlinear Equations ◽  
Algebraic Attack ◽  
Differential Attack ◽  
Different Types ◽  
Important Challenge ◽  
Impossible Differential ◽  
Linear Differential ◽  
Truncated Differential

Cryptanalysis is a very important challenge that faces cryptographers. It has several types that should be well studied by cryptographers to be able to design cryptosystem more secure and able to resist any type of attacks. This paper introduces six types of attacks: Linear, Differential , Linear-Differential, Truncated differential Impossible differential attack and Algebraic attacks. In this paper, algebraic attack is used to formulate the substitution box(S-box) of a block cipher to system of nonlinear equations and solve this system by using a classical method called Grobner  Bases . By Solving these equations, we made algebraic attack on S-box.

Sign in / Sign up

Export Citation Format

Share Document